Researchers at security firm Proofpoint, who discovered this particular campaign, elaborate on what sets angler phishing apart from ordinary phishing attacks:

“The attack technique takes its name from the anglerfish, which uses a glowing lure to entice and attack smaller prey. In an angler phishing attack, a fake customer-support account promises to help customers, but instead attempts to steal credentials. Social media angler phishers create fake customer support accounts that target customers of a wide variety of industries, but we have seen a majority of angler phish attacks focus on customer support accounts for financial services brands.”

The strategy has been used since at least early 2016 targeting several industries, but the majority have focused on customer support accounts for financial services brands, Proofpoint reported.

This newest scam begins when a user directs a tweet to PayPal’s official Twitter handle (@PayPal). Fraudulent PayPal accounts with a convincing handle of their own, like @AskPayPal_Tech and @AskPayPalCRT, monitor PayPal’s legitimate account for an opportunity to target customers awaiting a response. If circumstances permit, they inject themselves into the conversation and try to persuade users to click on a shortened link for further assistance.

Clicking on that link redirects users to a convincing log-in page that bears PayPal’s brand. But don’t be fooled! It’s fake, and it’s only seeking to steal users’ credentials.
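From a defender's side, the pattern described above (a brand-lookalike handle that is not the official account, replying in a thread aimed at the brand's support account, with a shortened link) can be turned into a simple triage heuristic for a brand-protection or social-media monitoring team. The following is an added example and not code from Proofpoint or from the article; the handle names, the shortener list and the sample replies are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed reference data: the brand's real support handle, the brand token
# to look for inside lookalike handles, and a small set of URL-shortener domains.
OFFICIAL_HANDLES = {"paypal"}
BRAND_TOKENS = ("paypal",)
SHORTENER_DOMAINS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "ow.ly"}
DOMAIN_RE = re.compile(r"\b((?:[\w-]+\.)+[a-z]{2,})\b", re.I)

@dataclass
class Tweet:
    author: str         # handle of the replying account, e.g. "@AskPayPal_Tech"
    verified: bool      # whether the platform marks the account as verified
    thread_target: str  # handle the customer's original tweet was addressed to
    text: str

def is_lookalike_handle(handle: str) -> bool:
    """True when a handle contains the brand name but is not the official account."""
    h = handle.lower().lstrip("@")
    return h not in OFFICIAL_HANDLES and any(tok in h for tok in BRAND_TOKENS)

def shortener_domains(text: str) -> list[str]:
    """Return any URL-shortener domains found in the tweet text."""
    return [d.lower() for d in DOMAIN_RE.findall(text) if d.lower() in SHORTENER_DOMAINS]

def angler_reasons(t: Tweet) -> list[str]:
    """Heuristic reasons a reply matches the angler-phishing pattern (empty = clean)."""
    reasons = []
    if t.thread_target.lower().lstrip("@") not in OFFICIAL_HANDLES:
        return reasons  # thread was not aimed at the brand's support account
    if is_lookalike_handle(t.author):
        reasons.append("brand-lookalike handle")
        if not t.verified:
            reasons.append("unverified account")
    if shortener_domains(t.text):
        reasons.append("shortened link in reply")
    return reasons

def is_suspect(t: Tweet) -> bool:
    """Flag only when a lookalike handle and a shortened link occur together."""
    r = angler_reasons(t)
    return "brand-lookalike handle" in r and "shortened link in reply" in r

# Constructed sample replies in a thread started by a customer tweeting at @PayPal.
SAMPLE = [
    Tweet("@PayPal", True, "@PayPal", "Sorry to hear that, please DM us your email."),
    Tweet("@AskPayPal_Tech", False, "@PayPal", "We can help! Log in here: https://bit.ly/x1"),
    Tweet("@AskPayPalCRT", False, "@PayPal", "Check your inbox for our message."),
]
```

Running `angler_reasons` over each `SAMPLE` entry shows which signals fired, so an analyst can tune the thresholds rather than block on a single indicator.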

Angler has risen above its competitors in recent months. This could be down to many factors: higher traffic to Angler-infected pages; exploits with a better hit-rate in delivering malware; slicker marketing amongst the criminal fraternity; more attractive pricing – in other words, good returns for the criminals who are buying “pay-per-install” malware services from the team behind Angler.

One thing is clear: Angler has a serious impact on anyone browsing the web today.